Update Web App SQL Connection string.

JMN-2253 616 Reputation points
2025-02-10T14:57:58.65+00:00

Hello there,

We are changing our Azure SQL Database from Publica access to Private endpoint and denying public access.

The development team is no longer available. I noticed they used "Environment variables ==> Connection strings" and provided the value to connect to SQL.

If I updated this value to use the new connection string (with Private endpoint), then do you think this is enough?

Is there any possibility that they hard-coded the SQL connection string in the code?

If yes, Is there any way to be proactive find it?

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,469 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sina Salam 18,876 Reputation points
    2025-02-11T12:11:15.6866667+00:00

    Hello

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you would like to update Web App SQL Connection string.

    Regarding your questions:

    If I updated this value to use the new connection string (with Private endpoint), then do you think this is enough?

    That might not be enough, you would need to verify or follow standards as below:

    1. Verify Environment Variable Update
    2. Verify Externalized Configurations
    3. Verify Database Connectivity & Authentication
    4. Monitor and Fix New Issues
    5. Restart Application and Verify

    If you follow these steps, you might have no issue.

    Is there any possibility that they hard-coded the SQL connection string in the code?

    Yes, it is possible. This is what you need to do: Search for Hard-Coded Connection Strings Proactively by performing:

    1. Manual Code Review, you will need to search for files where database connections are established (e.g., appsettings.json, .env, .cs, .java, .py, .js files).
    2. Automated Search Using Code Scanning Tools:
      1. For Linux/macOS:
                    grep -Ril "Server=" /path/to/codebase
                    grep -Ril "Data Source=" /path/to/codebase
        
      2. For Windows:
                    findstr /sim /c:"Server=" *.*
                    findstr /sim /c:"Data Source=" *.*
        
    3. Use Static Analysis Tools: Run SonarQube or GitHub Secret Scanning to detect hard-coded credentials and search for Encoded Secrets: If credentials are stored as base64, search for:
         grep -Ril "c2VydmVy" /path/to/codebase  # "server" encoded in base64
      

    If yes, Is there any way to be proactive find it?

    Follow the steps as stated above on what to do.

    You can use the below resources to read more and find hard-coded and other issues:

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.


    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.